
SLIP.exe

Status: finished
Submission Time: 2022-07-26 18:21:26 +02:00
Malicious
Trojan
Spyware
Evader
FormBook

Comments

Tags

  • exe
  • formbook

Details

  • Analysis ID:
    673743
  • API (Web) ID:
    1041244
  • Analysis Started:
    2022-07-26 18:34:02 +02:00
  • Analysis Finished:
    2022-07-26 18:46:10 +02:00
  • MD5:
    5d3bd8a99d63e0cbe343ab926549970e
  • SHA1:
    75771251a3c5a008d6a226c713e7fcbe62ce7ddf
  • SHA256:
    0619d06bd956864677a71b2044e184c38050aaf55ec7fcd05376f72200502106
  • Technologies:
    Joe Sandbox

Engine: Joe Sandbox
Detection: malicious (Score: 100)
System: Windows 10 x64 22H2 with Office Professional Plus 2019, Chrome 134, Firefox 118, Adobe Reader DC 23, Java 8 Update 381, 7zip 23.01

Third Party Analysis Engines

  • malicious (Score: 27/71)
  • malicious (Score: 11/41)
  • malicious

Domains

Name IP Detection
www.looping.top
161.117.95.101

URLs

Most entries below are string fragments recovered from process memory (font-vendor metadata such as fontbureau.com, jiyu-kobo.co.jp and carterandcone.com, frequently with trailing garbage bytes) rather than observed connections; treat only the Domains table above as resolved network activity when building indicators.

Name Detection
www.lavernprint.com/h06r/
http://www.jiyu-kobo.co.jp/jp/8(U
http://www.carterandcone.comibi
http://www.fontbureau.com/designers/cabarga.htmlN
http://www.founder.com.cn/cn/
http://www.carterandcone.coml
http://en.w
https://d1zkve10pauhk7.cloudfront.net/
http://www.fontbureau.comd
http://www.jiyu-kobo.co.jp/jp/
http://www.jiyu-kobo.co.jp/A
http://www.founder.com.cn/cn
http://www.fontbureau.comdf
http://www.jiyu-kobo.co.jp/I
http://www.fontbureau.com
http://www.apache.org/licenses/LICENSE-2.0
http://www.sakkal.com
http://www.carterandcone.como.
http://schemas.xmlsoap.org/ws/2005/05/identity/claims/name
http://www.zhongyicts.com.cno.
https://l3filejson4dvd.josyliving.com/static/js/app.ea3b96e07541b6f31845.js
http://www.fontbureau.com#(
http://www.carterandcone.comncy
http://www.jiyu-kobo.co.jp/f
http://www.fontbureau.comals
http://www.fontbureau.comce
http://www.fontbureau.comalicf
http://www.fontbureau.com/designers8
http://www.fontbureau.com/designers/cabarga.htmlK
http://www.jiyu-kobo.co.jp/
http://www.jiyu-kobo.co.jp/m
http://www.fontbureau.comcomF
http://www.fontbureau.com/designers/cabarga.html
https://l3filejson4dvd.josyliving.com/static/css/app.da19da5ca5431481bf2d45303a3c3f90.css
https://d322uc7y3fcjjx.cloudfront.net/
http://www.fontbureau.com/designers/frere-jones.html
http://www.founder.com.cn/cng
http://www.tiro.com
http://www.founder.com.cn/cn/cThe
http://www.typography.netD
http://www.sajatypeworks.com
http://www.fontbureau.comalsF
http://www.carterandcone.com
http://www.goodfont.co.kr
http://www.fontbureau.com/designers
https://analytics.tiktok.com/i18n/pixel/events.js
http://www.galapagosdesign.com/staff/dennis.htm
http://www.jiyu-kobo.co.jp/s_tr1(
https://s.yimg.com/wi/ytc.js
http://www.fontbureau.comessed1(
http://www.fontbureau.com/designers?
http://www.fontbureau.comB.TTFH
http://www.founder.com.cn/cn/bThe
http://www.fontbureau.com/designers/?
https://l3filejson4dvd.josyliving.com/favicon.ico
http://www.founder.com.cn/cnZ)
http://www.zhongyicts.com.cn
http://www.urwpp.deDPlease
https://l3filejson4dvd.josyliving.com/static/js/manifest.abd9c406e13d0635ab5d.js
http://www.sandoll.co.kr
http://www.fonts.com
http://www.jiyu-kobo.co.jp/(
http://www.jiyu-kobo.co.jp/Y0
http://www.galapagosdesign.com/DPlease
http://www.fontbureau.com/designersG
https://connect.facebook.net/en_US/fbevents.js
http://www.jiyu-kobo.co.jp//
http://www.jiyu-kobo.co.jp/jp/#(
https://l3filejson4dvd.josyliving.com/static/js/vendor.9a1d92fc3c9cfa77c4d4.js
http://www.fontbureau.com.TTFt
http://www.fontbureau.comgrita
http://fontfabrik.com
http://www.jiyu-kobo.co.jp/#(

Dropped files

Name File Type Hashes Detection
C:\Users\user\AppData\Local\Microsoft\CLR_v4.0_32\UsageLogs\SLIP.exe.log
ASCII text, with CRLF line terminators
C:\Users\user\AppData\Local\Temp\tmpD765.tmp
XML 1.0 document, ASCII text
C:\Users\user\AppData\Roaming\286A6D4V\286logri.ini
data
C:\Users\user\AppData\Roaming\286A6D4V\286logrv.ini
data
C:\Users\user\AppData\Roaming\ywfJZFFy.exe
PE32 executable (GUI) Intel 80386 Mono/.Net assembly, for MS Windows
C:\Users\user\AppData\Roaming\ywfJZFFy.exe:Zone.Identifier
ASCII text, with CRLF line terminators
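The hashes, the resolved domain and the dropped-file paths above are the indicators a responder would actually hunt for. The script below is an added example, not part of the Joe Sandbox report, that matches those indicators against host and DNS telemetry. The event dictionaries are an assumed, simplified Sysmon-like shape and the sample events are constructed for the example; the two regular-expression heuristics (an 8-character directory under AppData\Roaming holding *.ini files, and an executable or its Zone.Identifier stream written directly under AppData\Roaming) are generalised from this report's dropped-files list and are assumptions, not something the report itself states.

```python
"""Match telemetry against the indicators listed in the report above.

Added example; not part of Joe Sandbox or of the report. The event format
is an assumed, simplified Sysmon-like dict and SAMPLE_EVENTS is constructed.
"""
import re

# Literal indicators copied from the report (Details, Domains, Dropped files).
SAMPLE_HASHES = {
    "md5": "5d3bd8a99d63e0cbe343ab926549970e",
    "sha1": "75771251a3c5a008d6a226c713e7fcbe62ce7ddf",
    "sha256": "0619d06bd956864677a71b2044e184c38050aaf55ec7fcd05376f72200502106",
}
DOMAINS = {"www.looping.top"}
IPS = {"161.117.95.101"}
DROPPED_PATHS = {
    r"C:\Users\user\AppData\Roaming\ywfJZFFy.exe",
    r"C:\Users\user\AppData\Roaming\ywfJZFFy.exe:Zone.Identifier",
    r"C:\Users\user\AppData\Roaming\286A6D4V\286logri.ini",
    r"C:\Users\user\AppData\Roaming\286A6D4V\286logrv.ini",
}

# Heuristics generalised from the dropped-files list (assumption: the
# directory / .ini names and the self-copy name vary per run, so match the
# shape instead of the literal names).
INI_PATTERN = re.compile(
    r"\\AppData\\Roaming\\[A-Z0-9]{8}\\[a-z0-9]+\.ini$", re.IGNORECASE)
ROAMING_EXE_PATTERN = re.compile(
    r"\\AppData\\Roaming\\[^\\]+\.exe(:Zone\.Identifier)?$", re.IGNORECASE)


def normalise_path(path: str) -> str:
    """Replace the profile name so the report's 'user' paths match any host."""
    return re.sub(r"(?i)^C:\\Users\\[^\\]+\\", r"C:\\Users\\user\\", path)


def match_event(event: dict) -> list[str]:
    """Return the indicator labels an event hits (empty list if none)."""
    hits: list[str] = []
    kind = event.get("type")
    if kind == "process":
        for algo, digest in SAMPLE_HASHES.items():
            if event.get(algo, "").lower() == digest:
                hits.append(f"hash:{algo}")
    elif kind == "dns":
        if event.get("query", "").lower().rstrip(".") in DOMAINS:
            hits.append("domain:" + event["query"])
        if event.get("answer") in IPS:
            hits.append("ip:" + event["answer"])
    elif kind == "network":
        if event.get("dst_ip") in IPS:
            hits.append("ip:" + event["dst_ip"])
    elif kind == "file_create":
        path = normalise_path(event.get("path", ""))
        if path in DROPPED_PATHS:
            hits.append("path:exact")
        if INI_PATTERN.search(path):
            hits.append("path:formbook-ini-shape")
        if ROAMING_EXE_PATTERN.search(path):
            label = "path:roaming-exe"
            # A Zone.Identifier stream on the self-copy marks it as having
            # come from the internet zone (mark-of-the-web).
            if path.lower().endswith(":zone.identifier"):
                label += ":zone-identifier"
            hits.append(label)
    return hits


def scan(events: list[dict]) -> list[tuple[int, list[str]]]:
    """Return (index, hits) for every event that matched at least once."""
    return [(i, hits) for i, e in enumerate(events) if (hits := match_event(e))]


# Constructed sample telemetry for a different user profile than the sandbox.
SAMPLE_EVENTS = [
    {"type": "process", "image": r"C:\Users\alice\Downloads\SLIP.exe",
     "sha256": "0619d06bd956864677a71b2044e184c38050aaf55ec7fcd05376f72200502106"},
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Roaming\ywfJZFFy.exe"},
    {"type": "file_create",
     "path": r"C:\Users\alice\AppData\Roaming\ywfJZFFy.exe:Zone.Identifier"},
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Roaming\Q1W2E3R4\q1wlogri.ini"},
    {"type": "dns", "query": "www.looping.top", "answer": "161.117.95.101"},
    {"type": "file_create", "path": r"C:\Users\alice\AppData\Local\Temp\benign.txt"},
]

if __name__ == "__main__":
    for index, labels in scan(SAMPLE_EVENTS):
        print(index, SAMPLE_EVENTS[index].get("path") or SAMPLE_EVENTS[index].get("query")
              or SAMPLE_EVENTS[index].get("image"), labels)
```

The literal path set only fires on a rerun of this exact sample; the two shape heuristics are what catch a fresh build, and they should be tuned against your own baseline before alerting, since an arbitrary 8-character directory under Roaming is not on its own malicious.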